Running Head: JP Morgan Case Study
Case Summary: Minimizing Damage From J.P. Morgan's Data Breach
By
Date
For a bank like JP Morgan, which spends $250 million on its security annually, excuses for being vulnerable to data breaches are not acceptable. The computer of one of its employees was infected with malware, resulting in information and credentials being stolen from it.
The threats involved in this case are of several levels. The hackers were not only able to break through several levels of security with the use of malicious programs, but they also obtained the highest level of administrative privileges, controlling 90 servers, by using multiple zero-day vulnerabilities. Furthermore, the data was stolen over an extended period of several months. Moreover, the overlooked server also failed to receive the two-factor authentication update, which would have rendered the stolen login credentials useless. Above all, the greatest threat has been the fact that the breach was not even discovered by JP Morgan itself. Because of the stolen data, JP Morgan faces the threat of future attacks based on the stolen lists of programs and applications. Furthermore, many of the staff of JP Morgan's security department are also leaving to
The entry point of the malware into JP Morgan was an infected employee computer. The computer's credentials must have been compromised, which could have happened through clicking on a phishing mail or visiting a site hosting malware. The malware could have been stopped if HIPS had been deployed on the employee's computer. The human factor is the weakest part of any security system, as not all humans are security conscious. The lack of training of the JP Morgan employee, who presumably fell for the hacker's social engineering technique, is one of the many vulnerabilities. Furthermore, JP Morgan could have prevented the employee's system from getting infected with the use of whitelisting. The employee was also granted more access than was needed for his or her job. The hacker got into JP Morgan through the VPN, which was vulnerable to the setting up of an outbound command and control channel that would then have bypassed all defenses. JP Morgan's systems also failed to identify the server that had not received the two-factor authentication update, which regular vulnerability scans could have revealed. Moreover, even with the mandatory NIDS deployment, the breach went unnoticed. The hackers were also successful in deleting their log files; if JP Morgan had consolidated logs in a secure location, the hackers would not have been able to cover their tracks. Had a minimum logging baseline been defined for the Windows servers, JP Morgan would have detected the breach earlier. It was also important for JP Morgan to get rid of all its
The case shows effectively how simple vulnerabilities at JP Morgan were ignored, causing such a huge loss. The case also showed in detail how JP Morgan could have stopped this breach at various stages. The case shows how the security loopholes could have been closed by effective vulnerability and penetration testing of the system. The several factors which contributed to such a long unnoticed breach of JP Morgan's system were explained in detail along
Organizational response
The breach was not discovered for months, and not by JP Morgan itself. The hackers breached one of the charity websites of Hold Security Inc., which discovered a billion stolen usernames and passwords, including some belonging to JP Morgan. This led JP Morgan security to question its system and led them to discover the breach of their system. The bank already spends $250 million on its security, while 1000 of its employees are dedicated to this department. The organization was not only shocked but also concerned over the simplicity of the failure of its security.
Any countermeasures that the company can take for avoiding future attacks
Like any other organization, JP Morgan needs to identify its critical assets and protect them heavily with VLANs and NIDS. Perimeter defense should be assured by installing firewalls. Basic protection, employee training, HIPS and application whitelisting would ensure that malware is stopped from entering the network, or is discovered in time. Using pre-connection VLANs and NAC for the infected system, and NIDS anomaly detection along with honeypots, can help it reduce access to control servers and alert staff. Furthermore, implementing SELinux, RBAC and AppArmor and using a least-privilege access system can also help JP Morgan against the hackers. Proper logging along with active monitoring, using crypto-free zones, and NIDS would have aided in strengthening the security. Penetration testing and vulnerability scans would have helped in early discovery of the hackers.
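As an added illustration of the consolidated-logging and baseline-logging points made above (this is example code, not from the case study or the SANS paper), the following Python model keeps a central copy of every forwarded log line under a hash chain, so a host whose local log has been wiped or edited, or a server that was never enrolled in logging, is flagged on audit. Host names, log lines and the seed string are constructed sample data.

```python
import hashlib
from typing import Dict, List
def chain_hash(lines: List[str]) -> str:
    """Hash chain: each digest covers the previous digest plus the next line,
    so deleting or editing any line changes every later digest."""
    digest = hashlib.sha256(b"constructed-chain-seed").hexdigest()
    for line in lines:
        digest = hashlib.sha256((digest + "\n" + line).encode()).hexdigest()
    return digest

class CentralLogStore:
    """Append-only copy of every forwarded line, held off the originating host."""
    def __init__(self) -> None:
        self._lines: Dict[str, List[str]] = {}
    def ingest(self, host: str, line: str) -> None:
        self._lines.setdefault(host, []).append(line)
    def lines_for(self, host: str) -> List[str]:
        return list(self._lines.get(host, []))

def audit_host(store: CentralLogStore, host: str, local: List[str]) -> dict:
    """Compare a host's current on-disk log with the central copy and classify it."""
    central = store.lines_for(host)
    if chain_hash(local) == chain_hash(central):
        return {"host": host, "status": "intact", "missing": 0}
    if len(local) < len(central) and central[: len(local)] == local:
        # Lines vanished from the end of the local file: wiped or rotated away
        return {"host": host, "status": "truncated", "missing": len(central) - len(local)}
    if len(local) > len(central) and local[: len(central)] == central:
        # The host holds lines the central store never received: a forwarding gap
        return {"host": host, "status": "unforwarded", "missing": len(local) - len(central)}
    diffs = (i for i, (a, b) in enumerate(zip(local, central)) if a != b)
    first = next(diffs, min(len(local), len(central)))
    return {"host": host, "status": "tampered", "first_divergence": first}

def silent_hosts(store: CentralLogStore, expected: List[str]) -> List[str]:
    """Baseline check: servers that should be logging but have sent nothing at all."""
    return sorted(h for h in expected if not store.lines_for(h))

def demo():
    """Constructed scenario (made-up hosts and lines): SRV-02's local log is wiped
    after a suspicious session; SRV-03 was never enrolled in forwarding."""
    store = CentralLogStore()
    forwarded = {"SRV-01": ["09:00 login ok user=alice", "09:05 sudo user=alice cmd=tar"],
                 "SRV-02": ["09:01 login ok user=svc_backup", "09:02 group admin += svc_backup",
                            "09:10 audit log cleared"]}
    for host, lines in forwarded.items():
        for line in lines: store.ingest(host, line)
    on_disk = {"SRV-01": forwarded["SRV-01"], "SRV-02": []}  # SRV-02 wiped locally
    audits = [audit_host(store, h, on_disk[h]) for h in on_disk]
    return audits, silent_hosts(store, ["SRV-01", "SRV-02", "SRV-03"])
```

Because the central copy lives off the host, clearing the local file changes nothing the auditor compares against; the wipe itself becomes the alert.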
No entity is fully safe at all times; however, with these recommended solutions, JP Morgan can strengthen the security of its system. With effective security staff and well-aware employees
Source:
Jeng, A. (2015). Minimizing Damage From JP Morgan's Data Breach. SANS Institute.